HNS MAIN FEED
Tuesday, 14:23 EST
- OpenDNSSEC 1.0.0 released
- Microsoft releases giant patch collection
- 81% percent of e-mail links to malware
- Unaware of the dangers, most teens share personal info online
- Data harvested from Facebook used in boiler room scams
- A closer look at USB Secure 1.3.0
- Safety tips for online dating
- Researcher hacks security encryption chip found on millions of PCs
- Is authenticated XSS a problem?
- Online shopping safety: Consumers hold retailers responsible
- Seagate ships the Savvio 10K.4 hard drive
- Political hacktivism and the exploitation of tragedies is on the rise
The Evolution of Self-Defense Technologies in Malware
This article explores how malware has developed self-defense techniques and how these techniques have evolved as it has become more difficult for viruses to survive. It also provides an overview of the current situation.
First we must define the meaning of the term “malware self-defense", which is not as unequivocal as it may seem at first glance. When malware attacks antivirus programs, this is clearly a form of self defense. When malware covering its tracks, this is also in some sense a form of self defense, although less obviously so. An even less obvious form of self defense is the very evolution of malicious programs. After all, one of the motivations behind virus writers searching for new platforms that can be infected and for new system loopholes is to spread new viruses in the wild, into areas where no one yet bothers to look for malicious code as nothing has been found there before.
In order to avoid confusion about what is considered a self-defense technology and what is not, this article examines only the most popular and obvious means of malware self-defense. First and foremost this includes various means of modifying and packing code, in order to conceal the presence of malicious code in the system and to disrupt the functionality of antivirus solutions.
Classifying malware self defense
There are many different kinds of malware self-defense techniques and these can be classified in a variety of ways. Some of these technologies are meant to bypass antivirus signature databases, while others are meant to hinder analysis of the malicious code. One malicious program may attempt to conceal itself in the system, while another will not waste valuable processor resources on this, choosing instead to search for and counter specific types of antivirus protection. These different tactics can be classified in different ways and put into various categories.
As the goal of this article is not to create a strict classification system for malware self-defense techniques, let's consider a classification system that will provide an understanding of this issue at an intuitive level. We take the two criteria which we believe are the most important, and from there we will create a scatterplot with two axes representing those two criteria.
The first criterion is a malicious program's level of self-defense activity. The most passive malware does not attempt to defend itself in any way, i.e. it does not contain any such code. Instead, the author creates a kind of protective shell for the program. More active self-defense systems involve deliberately aggressive techniques.
- A closer look at USB Secure 1.3.0
- Is authenticated XSS a problem?
- A closer look at File Encryption XP 1.5
- Corporations should follow the goverment's lead on attribution of cyberattacks
- IDS legacy is institutionalized failure
